oweals/openssl.git
5 years agoi2d_PublicKey was listed in 2 different man pages
Matt Caswell [Thu, 6 Jun 2019 11:14:28 +0000 (12:14 +0100)]
i2d_PublicKey was listed in 2 different man pages

find-doc-nits complains if a symbol is documented in more than one
location.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9094)

5 years agoMake find-doc-nits check for newly added undocumented symbols
Matt Caswell [Thu, 6 Jun 2019 11:12:49 +0000 (12:12 +0100)]
Make find-doc-nits check for newly added undocumented symbols

We create lists of undocumented functions and macros as they are now so
that find-doc-nits can check for newly introduced functions/macros that
are undocumented.

This works in a similar way to the -u and -d options to find-doc-nits.
These count undocumented symbols and print a detailed list of undocumented
symbols repsectively. This commit adds the -v and -e options to restrict
the count/detailed list to newly added undocumented symbols only.

There is also a new -s option that does the same as -e except that it
produces no output if there are no newly undocumented symbols.

We also amend "make doc-nits" to add the -s option which should cause
travis to fail if a PR adds undocumented symbols.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9094)

5 years agoConfigure: count basenames for all library sources
Richard Levitte [Tue, 11 Jun 2019 16:11:25 +0000 (18:11 +0200)]
Configure: count basenames for all library sources

Make sure that each basename only appears once.  This is due to the
static library archiver on Unix, that indexes archived object files by
base name only, thereby making base name clashes...  interesting.

This is a safety net for OpenSSL developer!

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9133)

5 years agoEnsure code is compiled with correct BIGNUM assembler defines
Matt Caswell [Tue, 11 Jun 2019 12:49:43 +0000 (13:49 +0100)]
Ensure code is compiled with correct BIGNUM assembler defines

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9130)

5 years agoAdd some dummy BIGNUM calls from inside the FIPS provider
Matt Caswell [Tue, 11 Jun 2019 11:06:27 +0000 (12:06 +0100)]
Add some dummy BIGNUM calls from inside the FIPS provider

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9130)

5 years agoMake BIGNUM code available from within the FIPS module
Matt Caswell [Wed, 29 May 2019 16:31:22 +0000 (17:31 +0100)]
Make BIGNUM code available from within the FIPS module

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9130)

5 years agoTemporarily disable RAND call in FIPS_MODE until RAND is available
Matt Caswell [Thu, 30 May 2019 14:42:32 +0000 (15:42 +0100)]
Temporarily disable RAND call in FIPS_MODE until RAND is available

Other commits will enable the RAND code in FIPS_MODE. Until those commits
are in place we temporarily disable making RAND calls while in FIPS_MODE.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9130)

5 years agoConvert bn_rand.c to use EVP
Matt Caswell [Wed, 29 May 2019 16:29:34 +0000 (17:29 +0100)]
Convert bn_rand.c to use EVP

Replace the low level SHA512_* function calls with EVP calls.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9130)

5 years agoCreate BN_CTX_new_ex() and BN_CTX_secure_new_ex()
Matt Caswell [Wed, 29 May 2019 16:03:53 +0000 (17:03 +0100)]
Create BN_CTX_new_ex() and BN_CTX_secure_new_ex()

These variants of BN_CTX_new() and BN_CTX_secure_new() enable passing
an OPENSSL_CTX so that we can access this where needed throughout the
BIGNUM sub library.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9130)

5 years agoRemove redundant include
Acheev Bhagat [Wed, 12 Jun 2019 00:28:04 +0000 (20:28 -0400)]
Remove redundant include

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9137)

5 years agoOSSL_PARAM example code bug fix.
Pauli [Tue, 11 Jun 2019 23:48:13 +0000 (09:48 +1000)]
OSSL_PARAM example code bug fix.

Technically not a bug since the code worked but the array index shouldn't have
been constant after searching for the field.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9136)

5 years agoMove a fall through comment
Matt Caswell [Tue, 11 Jun 2019 12:27:45 +0000 (13:27 +0100)]
Move a fall through comment

When compiling with --strict-warnings using gcc 7.4.0 the compiler
complains that a case falls through, even though there is an explicit
comment stating this. Moving the comment outside of the conditional
compilation section resolves this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9131)

5 years agoFix a URL to the NMBRTHRY list archive
Bernd Edlinger [Mon, 10 Jun 2019 08:24:35 +0000 (10:24 +0200)]
Fix a URL to the NMBRTHRY list archive

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9123)

5 years agoFix app opt compile failure due to missing <inttypes.h>
Shane Lontis [Tue, 11 Jun 2019 08:19:20 +0000 (18:19 +1000)]
Fix app opt compile failure due to missing <inttypes.h>

opt.c uses functions that are only available if inttypes.h exists.
It now checks a define which is unavailable if
inttypes.h is included. The include is done automagically inside e_os2.h.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8986)

5 years agoFix Windows Compile failure due to missing <inttypes.h>
Shane Lontis [Tue, 11 Jun 2019 08:17:52 +0000 (18:17 +1000)]
Fix Windows Compile failure due to missing <inttypes.h>

Including <inttypes.h> caused a windows build failure.
The test is now skipped if strtoimax & strtoumax are not supported.
It does this by checking for a define which is only available if
inttypes.h is not included. The include is done automagically inside e_os2.h.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8986)

5 years agoAdd defines to indicate if intypes.h and stdint.h are unavailable
Shane Lontis [Tue, 11 Jun 2019 08:16:51 +0000 (18:16 +1000)]
Add defines to indicate if intypes.h and stdint.h are unavailable

Use the defines OPENSSL_NO_INTTYPES_H & OPENSSL_NO_STDINT_H to determine
if the headers are unavailable for a platform.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8986)

5 years agoPBKDF2 updates to conform to SP800-132
Shane Lontis [Fri, 3 May 2019 03:04:58 +0000 (13:04 +1000)]
PBKDF2 updates to conform to SP800-132

The existing code used PKCS5 specifications.
SP800-132 adds the following additional constraints for:
  - the range of the key length.
  - the minimum iteration count (1000 recommended).
  - salt length (at least 128 bits).
These additional constraints may cause errors (in scrypt, and
some PKCS5 related test vectors). To disable the new
constraints use the new ctrl string "pkcs5".
For backwards compatability, the checks are only enabled by
default for fips mode.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8868)

5 years agoMake EVP_MD_CTX_ctrl() work for legacy use cases (ssl3).
Shane Lontis [Fri, 7 Jun 2019 02:05:23 +0000 (12:05 +1000)]
Make EVP_MD_CTX_ctrl() work for legacy use cases (ssl3).

This is still required currently by engines and digestsign/digestverify.
This PR contains merged in code from Richard Levitte's PR #9126.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9103)

5 years agoFix Keccak structure name reference in S390 legacy code
Shane Lontis [Mon, 10 Jun 2019 02:40:13 +0000 (12:40 +1000)]
Fix Keccak structure name reference in S390 legacy code

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9120)

5 years agoFix doc to remove const arg in GEN_SESSION_CB
Shigeki Ohtsu [Fri, 7 Jun 2019 02:49:48 +0000 (11:49 +0900)]
Fix doc to remove const arg in GEN_SESSION_CB

ae3947de095 changed the callback arg not to have a const parameter.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9104)

5 years agoChange cipher default strings to a function
Todd Short [Fri, 5 Apr 2019 14:03:29 +0000 (10:03 -0400)]
Change cipher default strings to a function

Making the default cipher strings a function gives the library more
control over the defaults. Potentially allowing a change in the
future as ciphers become deprecated or dangerous.
Also allows third party distributors to change the defaults for their
installations.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8686)

5 years agoBIO_lookup_ex: Retry with AI_ADDRCONFIG cleared if getaddrinfo fails
Tomas Mraz [Fri, 7 Jun 2019 09:34:42 +0000 (11:34 +0200)]
BIO_lookup_ex: Retry with AI_ADDRCONFIG cleared if getaddrinfo fails

The lookup for ::1 with getaddrinfo() might return error even if
the ::1 would work if AI_ADDRCONFIG flag is used.

Fixes: #9053

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9108)

5 years agoImprove the Windows OneCore target support. (Add targets for building libraries for...
MouriNaruto [Sat, 11 May 2019 21:10:58 +0000 (05:10 +0800)]
Improve the Windows OneCore target support. (Add targets for building libraries for Windows Store apps.)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8917)

5 years agodoc/internal/man3/ossl_method_construct.pod: follow common conventions
Richard Levitte [Fri, 7 Jun 2019 10:30:01 +0000 (12:30 +0200)]
doc/internal/man3/ossl_method_construct.pod: follow common conventions

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9109)

5 years agoEVP fetching: make operation_id part of the method identity
Richard Levitte [Fri, 7 Jun 2019 09:44:08 +0000 (11:44 +0200)]
EVP fetching: make operation_id part of the method identity

Because the operation identity wasn't integrated with the created
methods, the following code would give unexpected results:

    EVP_MD *md = EVP_MD_fetch(NULL, "MD5", NULL);
    EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "MD5", NULL);

    if (md != NULL)
        printf("MD5 is a digest\n");
    if (cipher != NULL)
        printf("MD5 is a cipher\n");

The message is that MD5 is both a digest and a cipher.

Partially fixes #9106

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9109)

5 years agoRevert the DEVRANDOM_WAIT feature
Dr. Matthias St. Pierre [Wed, 5 Jun 2019 09:09:46 +0000 (11:09 +0200)]
Revert the DEVRANDOM_WAIT feature

The DEVRANDOM_WAIT feature added a select() call to wait for the
`/dev/random` device to become readable before reading from the
`/dev/urandom` device. It was introduced in commit 38023b87f037
in order to mitigate the fact that the `/dev/urandom` device
does not block until the initial seeding of the kernel CSPRNG
has completed, contrary to the behaviour of the `getrandom()`
system call.

It turned out that this change had negative side effects on
performance which were not acceptable. After some discussion it
was decided to revert this feature and leave it up to the OS
resp. the platform maintainer to ensure a proper initialization
during early boot time.

Fixes #9078

This partially reverts commit 38023b87f037.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9084)

5 years agoAdd documentation for new functions taking an OPENSSL_CTX parameter
Matt Caswell [Wed, 29 May 2019 15:03:57 +0000 (16:03 +0100)]
Add documentation for new functions taking an OPENSSL_CTX parameter

Various functions have been added that take an OPENSSL_CTX parameter as
a result of moving the RAND code into the FIPS module. We document all of
those functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9039)

5 years agoMove the rand_nonce_lock code into drbg_lib.c
Matt Caswell [Fri, 24 May 2019 15:36:44 +0000 (16:36 +0100)]
Move the rand_nonce_lock code into drbg_lib.c

It was previously rand_lib but it makes more sense in drbg_lib.c since
all the functions that use this lock are only ever called from drbg_lib.c

We add some FIPS_MODE defines in preparation for later moving this code
into the FIPS module.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9039)

5 years agoMake the rand_crng code OPENSSL_CTX aware
Matt Caswell [Thu, 23 May 2019 15:51:55 +0000 (16:51 +0100)]
Make the rand_crng code OPENSSL_CTX aware

This is in preparation for moving this code inside the FIPS module.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9039)

5 years agoConvert drbg_lib to use OPENSSL_CTX for its global data
Matt Caswell [Thu, 23 May 2019 13:35:31 +0000 (14:35 +0100)]
Convert drbg_lib to use OPENSSL_CTX for its global data

In preparation for moving the RAND code into the FIPS module we make
drbg_lib.c OPENSSL_CTX aware.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9039)

5 years agoReplace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print
Acheev Bhagat [Fri, 7 Jun 2019 00:05:49 +0000 (20:05 -0400)]
Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9101)

5 years agoFixed typo in code comment.
David Makepeace [Fri, 7 Jun 2019 00:45:51 +0000 (10:45 +1000)]
Fixed typo in code comment.
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9102)

5 years agoChange EVP_MAC method from copy to dup
Kurt Roeckx [Tue, 18 Dec 2018 23:36:40 +0000 (00:36 +0100)]
Change EVP_MAC method from copy to dup

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
GH: #7651

5 years agoReplace EVP_MAC_CTX_copy() by EVP_MAC_CTX_dup()
Kurt Roeckx [Sun, 4 Nov 2018 18:16:20 +0000 (19:16 +0100)]
Replace EVP_MAC_CTX_copy() by EVP_MAC_CTX_dup()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
GH: #7651

5 years agoFix typo in macro argument of SSL_set1_client_sigalgs_list()
Dr. Matthias St. Pierre [Thu, 6 Jun 2019 11:28:29 +0000 (13:28 +0200)]
Fix typo in macro argument of SSL_set1_client_sigalgs_list()

Fixes #9092

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9093)

5 years agoAddress property documentation concerns.
Pauli [Thu, 6 Jun 2019 06:38:26 +0000 (16:38 +1000)]
Address property documentation concerns.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9090)

5 years agorename the digest provider files to avoid any name clashes with other folders
Shane Lontis [Wed, 5 Jun 2019 06:01:18 +0000 (16:01 +1000)]
rename the digest provider files to avoid any name clashes with other folders

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9083)

5 years agoCoverity fixes
Shane Lontis [Tue, 4 Jun 2019 01:32:58 +0000 (11:32 +1000)]
Coverity fixes

covID 1445689 Resource leak (in error path)
covID 1445318 Resource leak (in test - minor)
covID 1443705 Unchecked return value (Needed if CRYPTO_atomic_add() was used)
covID 1443691 Resource leak (in app - minor)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9071)

5 years agoman: fix doc-nit in property.pod
Dr. Matthias St. Pierre [Wed, 5 Jun 2019 19:03:34 +0000 (21:03 +0200)]
man: fix doc-nit in property.pod

This causes travis build failures on master

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9087)

5 years agoDocument property hierarchy.
Pauli [Thu, 30 May 2019 01:37:12 +0000 (11:37 +1000)]
Document property hierarchy.

Add documentation to indicate the interaction between global (context level)
property queries and local (passed to fetch) ones.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9042)

5 years agoEVP_DigestInit_ex(): drop previous context engine earlier
Richard Levitte [Tue, 4 Jun 2019 14:15:46 +0000 (16:15 +0200)]
EVP_DigestInit_ex(): drop previous context engine earlier

If a EVP_MD_CTX holds a reference to a previously given engine, and
the type of its digest isn't the same as the one given in the new
call, drop that engine reference, allowing providers or other engines
to provide the new algorithm on an equal basis.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9077)

5 years agoDocument deprecation of version-specific SSL/TLS methods
Dr. Matthias St. Pierre [Fri, 24 May 2019 12:04:26 +0000 (14:04 +0200)]
Document deprecation of version-specific SSL/TLS methods

In commit 2b8fa1d56cd3 the version-specific SSL/TLS methods were
deprecated. This patch improves the documentation of that change
by stating the deprecation more prominently in the manual page
and explaining the reason for the deprecation.

Fixes #8989

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9001)

5 years agobuild_SYS_str_reasons: Fix a crash caused by overlong locales
Vitezslav Cizek [Tue, 4 Jun 2019 11:24:59 +0000 (13:24 +0200)]
build_SYS_str_reasons: Fix a crash caused by overlong locales

The 4 kB SPACE_SYS_STR_REASONS in crypto/err/err.c isn't enough for some locales.
The Russian locales consume 6856 bytes, Ukrainian even 7000.

build_SYS_str_reasons() contains an overflow check:

if (cnt > sizeof(strerror_pool))
    cnt = sizeof(strerror_pool);

But since commit 9f15e5b911ba6053e09578f190354568e01c07d7 it no longer
works as cnt is incremented once more after the condition.

cnt greater than sizeof(strerror_pool) results in an unbounded
OPENSSL_strlcpy() in openssl_strerror_r(), eventually causing a crash.

When the first received error string was empty or contained only
spaces, cur would move in front of the start of the strerror_pool.

Also don't call openssl_strerror_r when the pool is full.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8966)

5 years agoRemove last references to DEBUG_SAFESTACK
Dr. Matthias St. Pierre [Mon, 3 Jun 2019 14:03:42 +0000 (16:03 +0200)]
Remove last references to DEBUG_SAFESTACK

The DEBUG_SAFESTACK preprocessor define is obsolete since 2008
when the non-safestack code was removed by commit 985de8634000.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9070)

5 years agoMove digests to providers
Shane Lontis [Thu, 11 Apr 2019 10:27:59 +0000 (20:27 +1000)]
Move digests to providers

Move digest code into the relevant providers (fips, default, legacy).
The headers are temporarily moved to be internal, and will be moved
into providers after all external references are resolved. The deprecated
digest code can not be removed until EVP_PKEY (signing) is supported by
providers. EVP_MD data can also not yet be cleaned up for the same reasons.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8763)

5 years agoAdd missing parentheses in macro
Mathias Berchtold [Thu, 30 May 2019 05:25:31 +0000 (07:25 +0200)]
Add missing parentheses in macro

Add missing parentheses in macro

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9044)

5 years agoReally fail if we have a test failure
Matt Caswell [Fri, 31 May 2019 13:34:13 +0000 (14:34 +0100)]
Really fail if we have a test failure

Commit c5f7a99645a broke the test framework such that some tests might
fail, but the test framework still gives a PASS result overall.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9056)

5 years agoEnsure we get all the right defines for AES assembler in FIPS module
Matt Caswell [Thu, 30 May 2019 13:40:57 +0000 (14:40 +0100)]
Ensure we get all the right defines for AES assembler in FIPS module

There are various C macro definitions that are passed via the compiler
to enable AES assembler optimisation. We need to make sure that these
defines are also passed during compilation of the FIPS module.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9038)

5 years agoMake basic AES ciphers available from within the FIPS providers
Matt Caswell [Tue, 28 May 2019 10:25:08 +0000 (11:25 +0100)]
Make basic AES ciphers available from within the FIPS providers

These ciphers were already provider aware, and were available from the
default provider. We move them into the FIPS provider too.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9038)

5 years agoWrite a test for receiving a KeyUpdate (update requested) while writing
Matt Caswell [Wed, 17 Apr 2019 09:30:53 +0000 (10:30 +0100)]
Write a test for receiving a KeyUpdate (update requested) while writing

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8773)

5 years agoDefer sending a KeyUpdate until after pending writes are complete
Matt Caswell [Wed, 17 Apr 2019 10:09:05 +0000 (11:09 +0100)]
Defer sending a KeyUpdate until after pending writes are complete

If we receive a KeyUpdate message (update requested) from the peer while
we are in the middle of a write, we should defer sending the responding
KeyUpdate message until after the current write is complete. We do this
by waiting to send the KeyUpdate until the next time we write and there is
no pending write data.

This does imply a subtle change in behaviour. Firstly the responding
KeyUpdate message won't be sent straight away as it is now. Secondly if
the peer sends multiple KeyUpdates without us doing any writing then we
will only send one response, as opposed to previously where we sent a
response for each KeyUpdate received.

Fixes #8677

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8773)

5 years agoRemove file reference from property documentation.
Pauli [Sun, 2 Jun 2019 22:38:01 +0000 (08:38 +1000)]
Remove file reference from property documentation.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9066)

5 years agoAdd the content type attribute to additional CMS signerinfo.
Shane Lontis [Mon, 3 Jun 2019 05:19:48 +0000 (15:19 +1000)]
Add the content type attribute to additional CMS signerinfo.

Fixes #8923

Found using the openssl cms -resign option.
This uses an alternate path to do the signing which was not adding the required signed attribute
content type. The content type attribute should always exist since it is required is there are
any signed attributes.
As the signing time attribute is always added in code, the content type attribute is also required.
The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes
e.g. The message digest attribute is a signed attribute that must exist if any signed attributes
exist, it cannot be an unsigned attribute and there must only be one instance containing a single
value.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8944)

5 years agoFix a typo in the property grammar that creates an ambiguous parse.
Pauli [Sun, 2 Jun 2019 22:06:15 +0000 (08:06 +1000)]
Fix a typo in the property grammar that creates an ambiguous parse.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9065)

5 years agoWindows: Add missing quotes in build file
Richard Levitte [Sat, 1 Jun 2019 05:07:48 +0000 (07:07 +0200)]
Windows: Add missing quotes in build file

All invokations of $(PERL) need to be quoted, in case it contains
spaces.  That was forgotten in one spot.

Fixes #9060

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9062)

5 years agoAdd sparse array of const pointer type
Pauli [Sat, 1 Jun 2019 07:55:33 +0000 (17:55 +1000)]
Add sparse array of const pointer type

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8840)

5 years agoFix various mistakes in ec_GFp_nistp_recode_scalar_bits comment.
David Benjamin [Thu, 30 May 2019 21:01:10 +0000 (17:01 -0400)]
Fix various mistakes in ec_GFp_nistp_recode_scalar_bits comment.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9050)

5 years agoFix CHECK_BSD_STYLE_MACROS for OpenBSD and cryptodev-linux
Retropotenza [Fri, 31 May 2019 10:43:24 +0000 (12:43 +0200)]
Fix CHECK_BSD_STYLE_MACROS for OpenBSD and cryptodev-linux

CLA: trivial

Fixes #8911

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8866)

5 years agoUpdate X509_STORE_new.pod
Sambit Kumar Dash [Thu, 2 May 2019 18:23:04 +0000 (23:53 +0530)]
Update X509_STORE_new.pod

Minor typo.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8866)

5 years agoConstify OSSL_PROVIDER getter input parameters
Richard Levitte [Fri, 31 May 2019 08:53:12 +0000 (10:53 +0200)]
Constify OSSL_PROVIDER getter input parameters

Some OSSL_PROVIDER getters took a non-const OSSL_PROVIDER parameter.
There's no reason to do so.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9054)

5 years agoUpdate EVP_VerifyInit.pod
Sambit Kumar Dash [Thu, 30 May 2019 21:23:02 +0000 (02:53 +0530)]
Update EVP_VerifyInit.pod

Method name correction.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9052)

5 years agoissue-8998: Ensure that the alert is generated and reaches the remote
agnosticdev [Wed, 29 May 2019 15:27:26 +0000 (10:27 -0500)]
issue-8998: Ensure that the alert is generated and reaches the remote

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9041)

5 years agoCertificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Andreas Kretschmer [Tue, 2 Apr 2019 09:16:53 +0000 (11:16 +0200)]
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712)

CMP and CRMF API is added to libcrypto, and the "cmp" app to the openssl CLI.
    Adds extensive man pages and tests.  Integration into build scripts.

Incremental pull request based on OpenSSL commit 1362190b1b78 of 2018-09-26

3rd chunk: CMP ASN.1 structures (in crypto/cmp/cmp_asn.c) and related files

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8669)

5 years agoAdd man 7 page about properties.
Pauli [Thu, 30 May 2019 00:57:53 +0000 (10:57 +1000)]
Add man 7 page about properties.

Add a page about properties in the man7 section of the public documentation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9011)

5 years agoJoin the x509 and x509v3 directories
Richard Levitte [Mon, 13 May 2019 16:07:45 +0000 (09:07 -0700)]
Join the x509 and x509v3 directories

This has been long overdue.

Note that this does not join the X509 and X509V3 error modules, that
will be too many macro changes at this stage.

Fixes #8919

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8925)

5 years agoFuzz: add a few more types into Fuzzing for ESS
FdaSilvaYY [Wed, 30 Jan 2019 20:16:38 +0000 (21:16 +0100)]
Fuzz: add a few more types into Fuzzing for ESS

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8117)

5 years agoCAdES: Fix SignerInfo attribute construction order.
FdaSilvaYY [Tue, 29 Jan 2019 22:54:30 +0000 (23:54 +0100)]
CAdES: Fix SignerInfo attribute construction order.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8117)

5 years agocrypto/conf: openssl_config_int() returns unitialized value
Dr. Matthias St. Pierre [Tue, 28 May 2019 12:29:59 +0000 (14:29 +0200)]
crypto/conf: openssl_config_int() returns unitialized value

openssl_config_int() returns the uninitialized variable `ret`
when compiled with OPENSSL_SYS_UEFI.

Fixes #9026

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9029)

5 years agoTypo BIO_SOCK_REUSADDR => BIO_SOCK_REUSEADDR
Iuri Rezende Souza [Tue, 28 May 2019 04:02:34 +0000 (00:02 -0400)]
Typo BIO_SOCK_REUSADDR => BIO_SOCK_REUSEADDR

CLA: trivial

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9021)

5 years agoTest of uniformity of BN_rand_range output.
Pauli [Tue, 28 May 2019 23:54:29 +0000 (09:54 +1000)]
Test of uniformity of BN_rand_range output.

Rework the test so that it fails far less often.

A number of independent tests are executed and 5% are expected to fail.
The number of such failures follows a binomial distribution which permits
a statistical test a 0.01% expected failure rate.

There is a command line option to enable the stochastic range checking.
It is off by default.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8830)

5 years agofix timeout in 30-test_evp_pkey_dparam
Shane Lontis [Tue, 28 May 2019 23:50:19 +0000 (09:50 +1000)]
fix timeout in 30-test_evp_pkey_dparam

enabling the 'enable-crypto-mdebug' option and running parameter generation
causes timeouts.
Loading pregenerated params is more suited for these tests.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9022)

5 years agoConfigurations/unix-Makefile.tmpl: not -v for rm
Richard Levitte [Mon, 27 May 2019 12:20:20 +0000 (14:20 +0200)]
Configurations/unix-Makefile.tmpl: not -v for rm

Not all Unixen know the -v option

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9012)

5 years agoConfigure: link AIX modules correctly
Richard Levitte [Mon, 27 May 2019 12:16:47 +0000 (14:16 +0200)]
Configure: link AIX modules correctly

Use -bnoentry, not -bexpall

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9012)

5 years agoThe SHA256 is not a mandatory digest for DSA.
Tomas Mraz [Mon, 27 May 2019 14:52:03 +0000 (16:52 +0200)]
The SHA256 is not a mandatory digest for DSA.

The #7408 implemented mandatory digest checking in TLS.
However this broke compatibility of DSS support with GnuTLS
which supports only SHA1 with DSS.

There is no reason why SHA256 would be a mandatory digest
for DSA as other digests in SHA family can be used as well.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9015)

5 years agoConfigure: Remove extra warning and sanitizer options from CXXFLAGS
Richard Levitte [Mon, 27 May 2019 12:40:25 +0000 (14:40 +0200)]
Configure: Remove extra warning and sanitizer options from CXXFLAGS

We add the extra warning and sanitizer options to check our code,
which is entirely in C.  We support C++ compilers uniquely for the
sake of certain external test suites, and those projects can probably
sanitize their own code themselves.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9013)

5 years agoAdd d2i_KeyParams/i2d_KeyParams API's.
Shane Lontis [Mon, 27 May 2019 11:52:37 +0000 (21:52 +1000)]
Add d2i_KeyParams/i2d_KeyParams API's.

Convert EVP_PKEY Parameters to/from binary.
This wraps the low level i2d/d2i calls for DH,DSA and EC key parameters
in a similar way to Public and Private Keys.
The API's can be used by applications (including openssl apps) that only
want to use EVP_PKEY without needing to access low level key API's.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8903)

5 years agoChanged ssl layer to use EVP_KDF API for TLS1_PRF and HKDF.
David Makepeace [Sun, 26 May 2019 23:29:43 +0000 (09:29 +1000)]
Changed ssl layer to use EVP_KDF API for TLS1_PRF and HKDF.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9010)

5 years agodoc/man3/X509_LOOKUP_meth_new.pod: clarify the requirements
Richard Levitte [Mon, 15 Apr 2019 15:30:11 +0000 (17:30 +0200)]
doc/man3/X509_LOOKUP_meth_new.pod: clarify the requirements

The documentation of what a X509_LOOKUP implementation must do was
unclear and confusing.  Most of all, clarification was needed that it
must store away the found objects in the X509_STORE.

Fixes #8707

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8755)

5 years agoAdded Conforming To section to EVP_KDF_TLS1_PRF documentation.
David Makepeace [Sun, 26 May 2019 22:21:50 +0000 (08:21 +1000)]
Added Conforming To section to EVP_KDF_TLS1_PRF documentation.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9008)

5 years agoOCSP: fix memory leak in OCSP_url_svcloc_new method.
FdaSilvaYY [Sun, 19 May 2019 22:33:58 +0000 (00:33 +0200)]
OCSP: fix memory leak in OCSP_url_svcloc_new method.
Add a few coverage test case.

Fixes #8949

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8959)

5 years agoFix input checks wrt legacy code
Simo Sorce [Fri, 24 May 2019 21:35:04 +0000 (17:35 -0400)]
Fix input checks wrt legacy code

In all legacy code ctx->cipher is dereferenced without checks, so it
makes no sense to jump there is ctx->cipher is NULL as it will just lead
to a crash. Catch it separately and return an error.

This is simlar to the fix in d2c2e49eab69c7446c1c2c7227f63f8618ca99a5

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9002)

5 years agocrypto/evp/evp_key.c: #define BUFSIZ if <stdio.h> doesn't #define it
Laszlo Ersek [Thu, 9 May 2019 19:29:48 +0000 (21:29 +0200)]
crypto/evp/evp_key.c: #define BUFSIZ if <stdio.h> doesn't #define it

CLA: trivial

Fixes #8904

Commit 48feaceb53fa ("Remove the possibility to disable the UI module
entirely", 2017-07-03) made the BUFSIZ references in "evp_key.c"
unconditional, by deleting the preprocessing directive "#ifndef
OPENSSL_NO_UI". This breaks the build when compiling OpenSSL for edk2
(OPENSSL_SYS_UEFI), because edk2's <stdio.h> doesn't #define BUFSIZ.

Provide a fallback definition, like we do in "crypto/ui/ui_util.c" (from
commit 984d6c605216, "Fix no-stdio build", 2015-09-29).

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8922)

5 years agoUse fixed length for formatting standard cipher names
Daniël van Eeden [Fri, 24 May 2019 12:06:38 +0000 (14:06 +0200)]
Use fixed length for formatting standard cipher names

Example with patch:
```
$ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'
TLS_AES_256_GCM_SHA384                        - TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256                  - TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256                        - TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(128) Mac=AEAD
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
```

Example without patch:
```
$ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'
TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
```

CLA: Trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8999)

5 years agoUpdate format string for ciphers to account for newer ciphers
Daniël van Eeden [Fri, 24 May 2019 10:52:33 +0000 (12:52 +0200)]
Update format string for ciphers to account for newer ciphers

* Cipher name: from 23 to 30 (example: ECDHE-ECDSA-AES128-GCM-SHA256)
* Fixed length for TLS version (examples: TLSv1, TLSv1.3)
* Au length from 4 to 5 (example: ECDSA)

Example (without patch):
```
$ openssl ciphers -v 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
```

Example (with patch):
```
$ openssl ciphers -v 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA'
TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA         TLSv1   Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
```

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8999)

5 years agoissue-8973: Added const to parameters for values that were not altered
agnosticdev [Fri, 24 May 2019 01:33:19 +0000 (20:33 -0500)]
issue-8973: Added const to parameters for values that were not altered

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8995)

5 years agoDoc update: minor typo in CMS_verify.pod
Sambit Kumar Dash [Fri, 24 May 2019 02:26:22 +0000 (12:26 +1000)]
Doc update: minor typo in CMS_verify.pod
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8952)

5 years agoCleaned up tls1_prf and added comments.
David Makepeace [Thu, 23 May 2019 04:36:24 +0000 (14:36 +1000)]
Cleaned up tls1_prf and added comments.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8987)

5 years agoAdded algorithm description comments to HKDF.
David Makepeace [Thu, 23 May 2019 07:29:36 +0000 (17:29 +1000)]
Added algorithm description comments to HKDF.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8994)

5 years agoFix a crash in the speed command with wrap ciphers
Bernd Edlinger [Sat, 13 Apr 2019 08:01:09 +0000 (10:01 +0200)]
Fix a crash in the speed command with wrap ciphers

e.g. openssl speed -evp id-aes256-wrap-pad
was crashing because the return code from EVP_CipherInit_ex
was ignored.
Not going to allow that cipher mode because wrap ciphers
produces more bytes output than the input length
and EVP_Update_loop is not really prepared for that.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8739)

5 years agoAdd more commentary about recursive Provider intialisation in the FIPS module
Matt Caswell [Tue, 21 May 2019 15:25:24 +0000 (16:25 +0100)]
Add more commentary about recursive Provider intialisation in the FIPS module

In addition this commit ensures that the "provctx" value is defaulted to the current
library context when we are recurively initialising the FIPS provider when already inside
the FIPS module.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)

5 years agoMove where include path for providers/common/include gets specified
Matt Caswell [Fri, 19 Apr 2019 09:31:18 +0000 (10:31 +0100)]
Move where include path for providers/common/include gets specified

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)

5 years agoMake some EVP code available from within the FIPS module
Matt Caswell [Mon, 13 May 2019 05:41:06 +0000 (06:41 +0100)]
Make some EVP code available from within the FIPS module

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)

5 years agoMake core code available within the FIPS module
Matt Caswell [Wed, 10 Apr 2019 14:01:40 +0000 (15:01 +0100)]
Make core code available within the FIPS module

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)

5 years agoAdd the NIST CAVS test vectors for CCM
Matt Caswell [Wed, 22 May 2019 18:36:25 +0000 (19:36 +0100)]
Add the NIST CAVS test vectors for CCM

This imports all of the NIST CAVS test vectors for CCM (SP800-38C) and
coverts them for use within evp_test. This commit also adds a script to
convert the .rsp CAVS files into the evp_test format.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8981)

5 years agoAvoid trailing space in "openssl version -o".
Pauli [Tue, 21 May 2019 01:30:16 +0000 (11:30 +1000)]
Avoid trailing space in "openssl version -o".

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8963)

5 years agoAlways show application and library versions in "openssl version".
Pauli [Tue, 21 May 2019 01:28:19 +0000 (11:28 +1000)]
Always show application and library versions in "openssl version".

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8963)

5 years agoFix GOST OID
voev [Wed, 22 May 2019 12:46:18 +0000 (15:46 +0300)]
Fix GOST OID

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8979)

5 years agoEVP_Digest*: enable SHA3 pre-hashing for DSA
Patrick Steuer [Tue, 21 May 2019 16:50:39 +0000 (18:50 +0200)]
EVP_Digest*: enable SHA3 pre-hashing for DSA

Fixes #7323

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8970)

5 years agoEVP_Digest*: enable SHA3 pre-hashing for ECDSA
Patrick Steuer [Tue, 21 May 2019 15:43:54 +0000 (17:43 +0200)]
EVP_Digest*: enable SHA3 pre-hashing for ECDSA

Fixes #8957

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8970)

5 years agos390x assembly pack: allow specifying the tag after aad in aes-ccm
Patrick Steuer [Tue, 21 May 2019 17:10:28 +0000 (19:10 +0200)]
s390x assembly pack: allow specifying the tag after aad in aes-ccm

67c81ec311 forgot about s390x

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8971)